search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
re PR tree-optimization/59287 (points-to analysis confused by union accesses)
[official-gcc.git] / gcc / vtable-verify.c
blob46c5621509db6956c6d3bc0f12bc916af6e4c3bf
1 /* Copyright (C) 2013
2 Free Software Foundation, Inc.
3
4 This file is part of GCC.
5
6 GCC is free software; you can redistribute it and/or modify it under
7 the terms of the GNU General Public License as published by the Free
8 Software Foundation; either version 3, or (at your option) any later
9 version.
10
11 GCC is distributed in the hope that it will be useful, but WITHOUT ANY
12 WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with GCC; see the file COPYING3. If not see
18 <http://www.gnu.org/licenses/>. */
19
20 /* Virtual Table Pointer Security Pass - Detect corruption of vtable pointers
21 before using them for virtual method dispatches. */
22
23 /* This file is part of the vtable security feature implementation.
24 The vtable security feature is designed to detect when a virtual
25 call is about to be made through an invalid vtable pointer
26 (possibly due to data corruption or malicious attacks). The
27 compiler finds every virtual call, and inserts a verification call
28 before the virtual call. The verification call takes the actual
29 vtable pointer value in the object through which the virtual call
30 is being made, and compares the vtable pointer against a set of all
31 valid vtable pointers that the object could contain (this set is
32 based on the declared type of the object). If the pointer is in
33 the valid set, execution is allowed to continue; otherwise the
34 program is halted.
35
36 There are several pieces needed in order to make this work: 1. For
37 every virtual class in the program (i.e. a class that contains
38 virtual methods), we need to build the set of all possible valid
39 vtables that an object of that class could point to. This includes
40 vtables for any class(es) that inherit from the class under
41 consideration. 2. For every such data set we build up, we need a
42 way to find and reference the data set. This is complicated by the
43 fact that the real vtable addresses are not known until runtime,
44 when the program is loaded into memory, but we need to reference the
45 sets at compile time when we are inserting verification calls into
46 the program. 3. We need to find every virtual call in the program,
47 and insert the verification call (with the appropriate arguments)
48 before the virtual call. 4. We need some runtime library pieces:
49 the code to build up the data sets at runtime; the code to actually
50 perform the verification using the data sets; and some code to set
51 protections on the data sets, so they themselves do not become
52 hacker targets.
53
54 To find and reference the set of valid vtable pointers for any given
55 virtual class, we create a special global variable for each virtual
56 class. We refer to this as the "vtable map variable" for that
57 class. The vtable map variable has the type "void *", and is
58 initialized by the compiler to NULL. At runtime when the set of
59 valid vtable pointers for a virtual class, e.g. class Foo, is built,
60 the vtable map variable for class Foo is made to point to the set.
61 During compile time, when the compiler is inserting verification
62 calls into the program, it passes the vtable map variable for the
63 appropriate class to the verification call, so that at runtime the
64 verification call can find the appropriate data set.
65
66 The actual set of valid vtable pointers for a virtual class,
67 e.g. class Foo, cannot be built until runtime, when the vtables get
68 loaded into memory and their addresses are known. But the knowledge
69 about which vtables belong in which class' hierarchy is only known
70 at compile time. Therefore at compile time we collect class
71 hierarchy and vtable information about every virtual class, and we
72 generate calls to build up the data sets at runtime. To build the
73 data sets, we call one of the functions we add to the runtime
74 library, __VLTRegisterPair. __VLTRegisterPair takes two arguments,
75 a vtable map variable and the address of a vtable. If the vtable
76 map variable is currently NULL, it creates a new data set (hash
77 table), makes the vtable map variable point to the new data set, and
78 inserts the vtable address into the data set. If the vtable map
79 variable is not NULL, it just inserts the vtable address into the
80 data set. In order to make sure that our data sets are built before
81 any verification calls happen, we create a special constructor
82 initialization function for each compilation unit, give it a very
83 high initialization priority, and insert all of our calls to
84 __VLTRegisterPair into our special constructor initialization
85 function.
86
87 The vtable verification feature is controlled by the flag
88 '-fvtable-verify='. There are three flavors of this:
89 '-fvtable-verify=std', '-fvtable-verify=preinit', and
90 '-fvtable-verify=none'. If the option '-fvtable-verfy=preinit' is
91 used, then our constructor initialization function gets put into the
92 preinit array. This is necessary if there are data sets that need
93 to be built very early in execution. If the constructor
94 initialization function gets put into the preinit array, the we also
95 add calls to __VLTChangePermission at the beginning and end of the
96 function. The call at the beginning sets the permissions on the
97 data sets and vtable map variables to read/write, and the one at the
98 end makes them read-only. If the '-fvtable-verify=std' option is
99 used, the constructor initialization functions are executed at their
100 normal time, and the __VLTChangePermission calls are handled
101 differently (see the comments in libstdc++-v3/libsupc++/vtv_rts.cc).
102 The option '-fvtable-verify=none' turns off vtable verification.
103
104 This file contains code for the tree pass that goes through all the
105 statements in each basic block, looking for virtual calls, and
106 inserting a call to __VLTVerifyVtablePointer (with appropriate
107 arguments) before each one. It also contains the hash table
108 functions for the data structures used for collecting the class
109 hierarchy data and building/maintaining the vtable map variable data
110 are defined in gcc/vtable-verify.h. These data structures are
111 shared with the code in the C++ front end that collects the class
112 hierarchy & vtable information and generates the vtable map
113 variables (see cp/vtable-class-hierarchy.c). This tree pass should
114 run just before the gimple is converted to RTL.
115
116 Some implementation details for this pass:
117
118 To find all of the virtual calls, we iterate through all the
119 gimple statements in each basic block, looking for any call
120 statement with the code "OBJ_TYPE_REF". Once we have found the
121 virtual call, we need to find the vtable pointer through which the
122 call is being made, and the type of the object containing the
123 pointer (to find the appropriate vtable map variable). We then use
124 these to build a call to __VLTVerifyVtablePointer, passing the
125 vtable map variable, and the vtable pointer. We insert the
126 verification call just after the gimple statement that gets the
127 vtable pointer out of the object, and we update the next
128 statement to depend on the result returned from
129 __VLTVerifyVtablePointer (the vtable pointer value), to ensure
130 subsequent compiler phases don't remove or reorder the call (it's no
131 good to have the verification occur after the virtual call, for
132 example). To find the vtable pointer being used (and the type of
133 the object) we search backwards through the def_stmts chain from the
134 virtual call (see verify_bb_vtables for more details). */
135
136 #include "config.h"
137 #include "system.h"
138 #include "coretypes.h"
139 #include "tree.h"
140 #include "basic-block.h"
141 #include "tree-ssa-alias.h"
142 #include "internal-fn.h"
143 #include "gimple-expr.h"
144 #include "is-a.h"
145 #include "gimple.h"
146 #include "gimple-iterator.h"
147 #include "gimple-ssa.h"
148 #include "tree-phinodes.h"
149 #include "ssa-iterators.h"
150 #include "stringpool.h"
151 #include "tree-ssanames.h"
152 #include "tree-pass.h"
153 #include "cfgloop.h"
154
155 #include "vtable-verify.h"
156
157 unsigned num_vtable_map_nodes = 0;
158 int total_num_virtual_calls = 0;
159 int total_num_verified_vcalls = 0;
160
161 extern GTY(()) tree verify_vtbl_ptr_fndecl;
162 tree verify_vtbl_ptr_fndecl = NULL_TREE;
163
164 /* Keep track of whether or not any virtual call were verified. */
165 static bool any_verification_calls_generated = false;
166
167 unsigned int vtable_verify_main (void);
168
169
170 /* The following few functions are for the vtbl pointer hash table
171 in the 'registered' field of the struct vtable_map_node. The hash
172 table keeps track of which vtable pointers have been used in
173 calls to __VLTRegisterPair with that particular vtable map variable. */
174
175 /* This function checks to see if a particular VTABLE_DECL and OFFSET are
176 already in the 'registered' hash table for NODE. */
177
178 bool
179 vtbl_map_node_registration_find (struct vtbl_map_node *node,
180 tree vtable_decl,
181 unsigned offset)
182 {
183 struct vtable_registration key;
184 struct vtable_registration **slot;
185
186 gcc_assert (node && node->registered.is_created ());
187
188 key.vtable_decl = vtable_decl;
189 slot = (struct vtable_registration **) node->registered.find_slot (&key,
190 NO_INSERT);
191
192 if (slot && (*slot))
193 {
194 unsigned i;
195 for (i = 0; i < ((*slot)->offsets).length (); ++i)
196 if ((*slot)->offsets[i] == offset)
197 return true;
198 }
199
200 return false;
201 }
202
203 /* This function inserts VTABLE_DECL and OFFSET into the 'registered'
204 hash table for NODE. It returns a boolean indicating whether or not
205 it actually inserted anything. */
206
207 bool
208 vtbl_map_node_registration_insert (struct vtbl_map_node *node,
209 tree vtable_decl,
210 unsigned offset)
211 {
212 struct vtable_registration key;
213 struct vtable_registration **slot;
214 bool inserted_something = false;
215
216 if (!node || !node->registered.is_created ())
217 return false;
218
219 key.vtable_decl = vtable_decl;
220 slot = (struct vtable_registration **) node->registered.find_slot (&key,
221 INSERT);
222
223 if (! *slot)
224 {
225 struct vtable_registration *node;
226 node = XNEW (struct vtable_registration);
227 node->vtable_decl = vtable_decl;
228
229 (node->offsets).create (10);
230 (node->offsets).safe_push (offset);
231 *slot = node;
232 inserted_something = true;
233 }
234 else
235 {
236 /* We found the vtable_decl slot; we need to see if it already
237 contains the offset. If not, we need to add the offset. */
238 unsigned i;
239 bool found = false;
240 for (i = 0; i < ((*slot)->offsets).length () && !found; ++i)
241 if ((*slot)->offsets[i] == offset)
242 found = true;
243
244 if (!found)
245 {
246 ((*slot)->offsets).safe_push (offset);
247 inserted_something = true;
248 }
249 }
250 return inserted_something;
251 }
252
253 /* Hashtable functions for vtable_registration hashtables. */
254
255 inline hashval_t
256 registration_hasher::hash (const value_type *p)
257 {
258 const struct vtable_registration *n = (const struct vtable_registration *) p;
259 return (hashval_t) (DECL_UID (n->vtable_decl));
260 }
261
262 inline bool
263 registration_hasher::equal (const value_type *p1, const compare_type *p2)
264 {
265 const struct vtable_registration *n1 =
266 (const struct vtable_registration *) p1;
267 const struct vtable_registration *n2 =
268 (const struct vtable_registration *) p2;
269 return (DECL_UID (n1->vtable_decl) == DECL_UID (n2->vtable_decl));
270 }
271
272 /* End of hashtable functions for "registered" hashtables. */
273
274
275
276 /* Hashtable definition and functions for vtbl_map_hash. */
277
278 struct vtbl_map_hasher : typed_noop_remove <struct vtbl_map_node>
279 {
280 typedef struct vtbl_map_node value_type;
281 typedef struct vtbl_map_node compare_type;
282 static inline hashval_t hash (const value_type *);
283 static inline bool equal (const value_type *, const compare_type *);
284 };
285
286 /* Returns a hash code for P. */
287
288 inline hashval_t
289 vtbl_map_hasher::hash (const value_type *p)
290 {
291 const struct vtbl_map_node n = *((const struct vtbl_map_node *) p);
292 return (hashval_t) IDENTIFIER_HASH_VALUE (n.class_name);
293 }
294
295 /* Returns nonzero if P1 and P2 are equal. */
296
297 inline bool
298 vtbl_map_hasher::equal (const value_type *p1, const compare_type *p2)
299 {
300 const struct vtbl_map_node n1 = *((const struct vtbl_map_node *) p1);
301 const struct vtbl_map_node n2 = *((const struct vtbl_map_node *) p2);
302 return (IDENTIFIER_HASH_VALUE (n1.class_name) ==
303 IDENTIFIER_HASH_VALUE (n2.class_name));
304 }
305
306 /* Here are the two structures into which we insert vtable map nodes.
307 We use two data structures because of the vastly different ways we need
308 to find the nodes for various tasks (see comments in vtable-verify.h
309 for more details. */
310
311 typedef hash_table <vtbl_map_hasher> vtbl_map_table_type;
312 typedef vtbl_map_table_type::iterator vtbl_map_iterator_type;
313
314 /* Vtable map variable nodes stored in a hash table. */
315 static vtbl_map_table_type vtbl_map_hash;
316
317 /* Vtable map variable nodes stored in a vector. */
318 vec<struct vtbl_map_node *> vtbl_map_nodes_vec;
319
320 /* Return vtbl_map node for CLASS_NAME without creating a new one. */
321
322 struct vtbl_map_node *
323 vtbl_map_get_node (tree class_type)
324 {
325 struct vtbl_map_node key;
326 struct vtbl_map_node **slot;
327
328 tree class_type_decl;
329 tree class_name;
330 unsigned int type_quals;
331
332 if (!vtbl_map_hash.is_created ())
333 return NULL;
334
335 gcc_assert (TREE_CODE (class_type) == RECORD_TYPE);
336
337
338 /* Find the TYPE_DECL for the class. */
339 class_type_decl = TYPE_NAME (class_type);
340
341 /* Verify that there aren't any qualifiers on the type. */
342 type_quals = TYPE_QUALS (TREE_TYPE (class_type_decl));
343 gcc_assert (type_quals == TYPE_UNQUALIFIED);
344
345 /* Get the mangled name for the unqualified type. */
346 gcc_assert (HAS_DECL_ASSEMBLER_NAME_P (class_type_decl));
347 class_name = DECL_ASSEMBLER_NAME (class_type_decl);
348
349 key.class_name = class_name;
350 slot = (struct vtbl_map_node **) vtbl_map_hash.find_slot (&key,
351 NO_INSERT);
352 if (!slot)
353 return NULL;
354 return *slot;
355 }
356
357 /* Return vtbl_map node assigned to BASE_CLASS_TYPE. Create new one
358 when needed. */
359
360 struct vtbl_map_node *
361 find_or_create_vtbl_map_node (tree base_class_type)
362 {
363 struct vtbl_map_node key;
364 struct vtbl_map_node *node;
365 struct vtbl_map_node **slot;
366 tree class_type_decl;
367 unsigned int type_quals;
368
369 if (!vtbl_map_hash.is_created ())
370 vtbl_map_hash.create (10);
371
372 /* Find the TYPE_DECL for the class. */
373 class_type_decl = TYPE_NAME (base_class_type);
374
375 /* Verify that there aren't any type qualifiers on type. */
376 type_quals = TYPE_QUALS (TREE_TYPE (class_type_decl));
377 gcc_assert (type_quals == TYPE_UNQUALIFIED);
378
379 gcc_assert (HAS_DECL_ASSEMBLER_NAME_P (class_type_decl));
380 key.class_name = DECL_ASSEMBLER_NAME (class_type_decl);
381 slot = (struct vtbl_map_node **) vtbl_map_hash.find_slot (&key,
382 INSERT);
383
384 if (*slot)
385 return *slot;
386
387 node = XNEW (struct vtbl_map_node);
388 node->vtbl_map_decl = NULL_TREE;
389 node->class_name = key.class_name;
390 node->uid = num_vtable_map_nodes++;
391
392 node->class_info = XNEW (struct vtv_graph_node);
393 node->class_info->class_type = base_class_type;
394 node->class_info->class_uid = node->uid;
395 node->class_info->num_processed_children = 0;
396
397 (node->class_info->parents).create (4);
398 (node->class_info->children).create (4);
399
400 node->registered.create (16);
401
402 node->is_used = false;
403
404 vtbl_map_nodes_vec.safe_push (node);
405 gcc_assert (vtbl_map_nodes_vec[node->uid] == node);
406
407 *slot = node;
408 return node;
409 }
410
411 /* End of hashtable functions for vtable_map variables hash table. */
412
413 /* Given a gimple STMT, this function checks to see if the statement
414 is an assignment, the rhs of which is getting the vtable pointer
415 value out of an object. (i.e. it's the value we need to verify
416 because its the vtable pointer that will be used for a virtual
417 call). */
418
419 static bool
420 is_vtable_assignment_stmt (gimple stmt)
421 {
422
423 if (gimple_code (stmt) != GIMPLE_ASSIGN)
424 return false;
425 else
426 {
427 tree lhs = gimple_assign_lhs (stmt);
428 tree rhs = gimple_assign_rhs1 (stmt);
429
430 if (TREE_CODE (lhs) != SSA_NAME)
431 return false;
432
433 if (TREE_CODE (rhs) != COMPONENT_REF)
434 return false;
435
436 if (! (TREE_OPERAND (rhs, 1))
437 || (TREE_CODE (TREE_OPERAND (rhs, 1)) != FIELD_DECL))
438 return false;
439
440 if (! DECL_VIRTUAL_P (TREE_OPERAND (rhs, 1)))
441 return false;
442 }
443
444 return true;
445 }
446
447 /* This function attempts to recover the declared class of an object
448 that is used in making a virtual call. We try to get the type from
449 the type cast in the gimple assignment statement that extracts the
450 vtable pointer from the object (DEF_STMT). The gimple statement
451 usually looks something like this:
452
453 D.2201_4 = MEM[(struct Event *)this_1(D)]._vptr.Event */
454
455 static tree
456 extract_object_class_type (tree rhs)
457 {
458 tree result = NULL_TREE;
459
460 /* Try to find and extract the type cast from that stmt. */
461 if (TREE_CODE (rhs) == COMPONENT_REF)
462 {
463 tree op0 = TREE_OPERAND (rhs, 0);
464 tree op1 = TREE_OPERAND (rhs, 1);
465
466 if (TREE_CODE (op1) == FIELD_DECL
467 && DECL_VIRTUAL_P (op1))
468 {
469 if (TREE_CODE (op0) == COMPONENT_REF
470 && TREE_CODE (TREE_OPERAND (op0, 0)) == MEM_REF
471 && TREE_CODE (TREE_TYPE (TREE_OPERAND (op0, 0)))== RECORD_TYPE)
472 result = TREE_TYPE (TREE_OPERAND (op0, 0));
473 else
474 result = TREE_TYPE (op0);
475 }
476 else if (TREE_CODE (op0) == COMPONENT_REF)
477 {
478 result = extract_object_class_type (op0);
479 if (result == NULL_TREE
480 && TREE_CODE (op1) == COMPONENT_REF)
481 result = extract_object_class_type (op1);
482 }
483 }
484
485 return result;
486 }
487
488 /* This function traces forward through the def-use chain of an SSA
489 variable to see if it ever gets used in a virtual function call. It
490 returns a boolean indicating whether or not it found a virtual call in
491 the use chain. */
492
493 static bool
494 var_is_used_for_virtual_call_p (tree lhs, int *mem_ref_depth)
495 {
496 imm_use_iterator imm_iter;
497 bool found_vcall = false;
498 use_operand_p use_p;
499
500 if (TREE_CODE (lhs) != SSA_NAME)
501 return false;
502
503 if (*mem_ref_depth > 2)
504 return false;
505
506 /* Iterate through the immediate uses of the current variable. If
507 it's a virtual function call, we're done. Otherwise, if there's
508 an LHS for the use stmt, add the ssa var to the work list
509 (assuming it's not already in the list and is not a variable
510 we've already examined. */
511
512 FOR_EACH_IMM_USE_FAST (use_p, imm_iter, lhs)
513 {
514 gimple stmt2 = USE_STMT (use_p);
515
516 if (gimple_code (stmt2) == GIMPLE_CALL)
517 {
518 tree fncall = gimple_call_fn (stmt2);
519 if (TREE_CODE (fncall) == OBJ_TYPE_REF)
520 found_vcall = true;
521 else
522 return false;
523 }
524 else if (gimple_code (stmt2) == GIMPLE_PHI)
525 {
526 found_vcall = var_is_used_for_virtual_call_p
527 (gimple_phi_result (stmt2),
528 mem_ref_depth);
529 }
530 else if (gimple_code (stmt2) == GIMPLE_ASSIGN)
531 {
532 tree rhs = gimple_assign_rhs1 (stmt2);
533 if (TREE_CODE (rhs) == ADDR_EXPR
534 || TREE_CODE (rhs) == MEM_REF)
535 *mem_ref_depth = *mem_ref_depth + 1;
536
537 if (TREE_CODE (rhs) == COMPONENT_REF)
538 {
539 while (TREE_CODE (TREE_OPERAND (rhs, 0)) == COMPONENT_REF)
540 rhs = TREE_OPERAND (rhs, 0);
541
542 if (TREE_CODE (TREE_OPERAND (rhs, 0)) == ADDR_EXPR
543 || TREE_CODE (TREE_OPERAND (rhs, 0)) == MEM_REF)
544 *mem_ref_depth = *mem_ref_depth + 1;
545 }
546
547 if (*mem_ref_depth < 3)
548 found_vcall = var_is_used_for_virtual_call_p
549 (gimple_assign_lhs (stmt2),
550 mem_ref_depth);
551 }
552
553 else
554 break;
555
556 if (found_vcall)
557 return true;
558 }
559
560 return false;
561 }
562
563 /* Search through all the statements in a basic block (BB), searching
564 for virtual method calls. For each virtual method dispatch, find
565 the vptr value used, and the statically declared type of the
566 object; retrieve the vtable map variable for the type of the
567 object; generate a call to __VLTVerifyVtablePointer; and insert the
568 generated call into the basic block, after the point where the vptr
569 value is gotten out of the object and before the virtual method
570 dispatch. Make the virtual method dispatch depend on the return
571 value from the verification call, so that subsequent optimizations
572 cannot reorder the two calls. */
573
574 static void
575 verify_bb_vtables (basic_block bb)
576 {
577 gimple_seq stmts;
578 gimple stmt = NULL;
579 gimple_stmt_iterator gsi_vtbl_assign;
580 gimple_stmt_iterator gsi_virtual_call;
581
582 stmts = bb_seq (bb);
583 gsi_virtual_call = gsi_start (stmts);
584 for (; !gsi_end_p (gsi_virtual_call); gsi_next (&gsi_virtual_call))
585 {
586 stmt = gsi_stmt (gsi_virtual_call);
587
588 /* Count virtual calls. */
589 if (gimple_code (stmt) == GIMPLE_CALL)
590 {
591 tree fncall = gimple_call_fn (stmt);
592 if (TREE_CODE (fncall) == OBJ_TYPE_REF)
593 total_num_virtual_calls++;
594 }
595
596 if (is_vtable_assignment_stmt (stmt))
597 {
598 tree lhs = gimple_assign_lhs (stmt);
599 tree vtbl_var_decl = NULL_TREE;
600 struct vtbl_map_node *vtable_map_node;
601 tree vtbl_decl = NULL_TREE;
602 gimple call_stmt;
603 const char *vtable_name = "<unknown>";
604 tree tmp0;
605 bool found;
606 int mem_ref_depth = 0;
607
608 /* Make sure this vptr field access is for a virtual call. */
609 if (!var_is_used_for_virtual_call_p (lhs, &mem_ref_depth))
610 continue;
611
612 /* Now we have found the virtual method dispatch and
613 the preceding access of the _vptr.* field... Next
614 we need to find the statically declared type of
615 the object, so we can find and use the right
616 vtable map variable in the verification call. */
617 tree class_type = extract_object_class_type
618 (gimple_assign_rhs1 (stmt));
619
620 gsi_vtbl_assign = gsi_for_stmt (stmt);
621
622 if (class_type
623 && (TREE_CODE (class_type) == RECORD_TYPE)
624 && TYPE_BINFO (class_type))
625 {
626 /* Get the vtable VAR_DECL for the type. */
627 vtbl_var_decl = BINFO_VTABLE (TYPE_BINFO (class_type));
628
629 if (TREE_CODE (vtbl_var_decl) == POINTER_PLUS_EXPR)
630 vtbl_var_decl = TREE_OPERAND (TREE_OPERAND (vtbl_var_decl, 0),
631 0);
632
633 gcc_assert (vtbl_var_decl);
634
635 vtbl_decl = vtbl_var_decl;
636 vtable_map_node = vtbl_map_get_node
637 (TYPE_MAIN_VARIANT (class_type));
638
639 gcc_assert (verify_vtbl_ptr_fndecl);
640
641 /* Given the vtable pointer for the base class of the
642 object, build the call to __VLTVerifyVtablePointer to
643 verify that the object's vtable pointer (contained in
644 lhs) is in the set of valid vtable pointers for the
645 base class. */
646
647 if (vtable_map_node && vtable_map_node->vtbl_map_decl)
648 {
649 use_operand_p use_p;
650 ssa_op_iter iter;
651
652 vtable_map_node->is_used = true;
653 vtbl_var_decl = vtable_map_node->vtbl_map_decl;
654
655 if (TREE_CODE (vtbl_decl) == VAR_DECL)
656 vtable_name = IDENTIFIER_POINTER (DECL_NAME (vtbl_decl));
657
658 /* Call different routines if we are interested in
659 trace information to debug problems. */
660 if (flag_vtv_debug)
661 {
662 int len1 = IDENTIFIER_LENGTH
663 (DECL_NAME (vtbl_var_decl));
664 int len2 = strlen (vtable_name);
665
666 call_stmt = gimple_build_call
667 (verify_vtbl_ptr_fndecl, 4,
668 build1 (ADDR_EXPR,
669 TYPE_POINTER_TO
670 (TREE_TYPE (vtbl_var_decl)),
671 vtbl_var_decl),
672 lhs,
673 build_string_literal
674 (len1 + 1,
675 IDENTIFIER_POINTER
676 (DECL_NAME
677 (vtbl_var_decl))),
678 build_string_literal (len2 + 1,
679 vtable_name));
680 }
681 else
682 call_stmt = gimple_build_call
683 (verify_vtbl_ptr_fndecl, 2,
684 build1 (ADDR_EXPR,
685 TYPE_POINTER_TO
686 (TREE_TYPE (vtbl_var_decl)),
687 vtbl_var_decl),
688 lhs);
689
690
691 /* Create a new SSA_NAME var to hold the call's
692 return value, and make the call_stmt use the
693 variable for that purpose. */
694 tmp0 = make_temp_ssa_name (TREE_TYPE (lhs), NULL, "VTV");
695 gimple_call_set_lhs (call_stmt, tmp0);
696 update_stmt (call_stmt);
697
698 /* Find the next stmt, after the vptr assignment
699 statememt, which should use the result of the
700 vptr assignment statement value. */
701 gsi_next (&gsi_vtbl_assign);
702 gimple next_stmt = gsi_stmt (gsi_vtbl_assign);
703
704 if (!next_stmt)
705 return;
706
707 /* Find any/all uses of 'lhs' in next_stmt, and
708 replace them with 'tmp0'. */
709 found = false;
710 FOR_EACH_PHI_OR_STMT_USE (use_p, next_stmt, iter,
711 SSA_OP_ALL_USES)
712 {
713 tree op = USE_FROM_PTR (use_p);
714 if (op == lhs)
715 {
716 SET_USE (use_p, tmp0);
717 found = true;
718 }
719 }
720 update_stmt (next_stmt);
721 gcc_assert (found);
722
723 /* Insert the new verification call just after the
724 statement that gets the vtable pointer out of the
725 object. */
726 gsi_vtbl_assign = gsi_for_stmt (stmt);
727 gsi_insert_after (&gsi_vtbl_assign, call_stmt,
728 GSI_NEW_STMT);
729
730 any_verification_calls_generated = true;
731 total_num_verified_vcalls++;
732 }
733 }
734 }
735 }
736 }
737
738 /* Main function, called from pass->excute(). Loop through all the
739 basic blocks in the current function, passing them to
740 verify_bb_vtables, which searches for virtual calls, and inserts
741 calls to __VLTVerifyVtablePointer. */
742
743 unsigned int
744 vtable_verify_main (void)
745 {
746 unsigned int ret = 1;
747 basic_block bb;
748
749 FOR_ALL_BB (bb)
750 verify_bb_vtables (bb);
751
752 return ret;
753 }
754
755 /* Gate function for the pass. */
756
757 static bool
758 gate_tree_vtable_verify (void)
759 {
760 return (flag_vtable_verify);
761 }
762
763 /* Definition of this optimization pass. */
764
765 namespace {
766
767 const pass_data pass_data_vtable_verify =
768 {
769 GIMPLE_PASS, /* type */
770 "vtable-verify", /* name */
771 OPTGROUP_NONE, /* optinfo_flags */
772 true, /* has_gate */
773 true, /* has_execute */
774 TV_VTABLE_VERIFICATION, /* tv_id */
775 ( PROP_cfg | PROP_ssa ), /* properties_required */
776 0, /* properties_provided */
777 0, /* properties_destroyed */
778 0, /* todo_flags_start */
779 TODO_update_ssa, /* todo_flags_finish */
780 };
781
782 class pass_vtable_verify : public gimple_opt_pass
783 {
784 public:
785 pass_vtable_verify (gcc::context *ctxt)
786 : gimple_opt_pass (pass_data_vtable_verify, ctxt)
787 {}
788
789 /* opt_pass methods: */
790 bool gate () { return gate_tree_vtable_verify (); }
791 unsigned int execute () { return vtable_verify_main (); }
792
793 }; // class pass_vtable_verify
794
795 } // anon namespace
796
797 gimple_opt_pass *
798 make_pass_vtable_verify (gcc::context *ctxt)
799 {
800 return new pass_vtable_verify (ctxt);
801 }
802
803 #include "gt-vtable-verify.h"
Mirror of the offical gcc git repository hosted at gcc.gnu.org